The perpetrators behind the alleged attack first contacted the BBC Russian Service, leading to speculation that the hackers may be from the country responsible for so much of Facebook’s cybersecurity trouble. Adding credence to that theory, most of the stolen messages were from Russian and Ukrainian users, though people from the U.S., UK and Brazil also had their private info hacked.

Facebook told Gizmodo that it has investigated the hack, and believes that it occurred through malicious browser extensions installed off Facebook. However, it hasn’t revealed which extensions are responsible.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen told the BBC. “We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

Of course, many of the stolen messages were harmless, but the BBC reported that others contained family photos, messages between lovers and other intensely private information.

Even though Facebook isn’t to blame for this breach, it’s still troubling news for the company. Here’s hoping it can fully shut down these bad browser extensions before they do any more damage.